Solved

Modyfy code for admin

Posted on 2008-06-11
7
240 Views
Last Modified: 2012-08-14
Hello everyone,

I have a code that has been created that pulls username and sends it to the registry. I am looking at adding this to the login script of our company, the only issue is that you need to have admin rights to edit the registry.

Now we have 3 passwords here for the admin:

Username:     Administrator
Password:    Password1
Password:    Password2
Password:    Password3

Now is there a way to add this, and have an if statement for the passwords?


Thanks in advanced Experts...

-Lance
0
Comment
Question by:NTTldola
7 Comments
 

Author Comment

by:NTTldola
Comment Utility
Sorry guys heres the code
Const HKLM = &H80000002

Dim objReg : Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

strKeyPath = "System\SHInfo"
 

UserID=WScript.CreateObject("WScript.Network").UserName

UserName=WScript.CreateObject("WScript.Network").UserName
 

oReg.SetStringValue HKLM,strKeyPath,"UserID",UserID

oReg.SetStringValue HKLM,strKeyPath,"UserName",UserName

 

Set oReg=Nothing

Open in new window

0
 
LVL 67

Expert Comment

by:sirbounty
Comment Utility
Do you have a list of devices?  And are these updates the same for all systems?

If so, you would simply loop through an arran and replace the period (.) in your GetObject statement to the computer name...run it from an admin console.

arrComputers="C:\ListOfPCs.txt"
For Each PC in arrComputers
Dim objReg : Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & PC & "\root\default:StdRegProv")

Not working code - but you get the idea...if that's an option, let me know and I can post the code for you...
0
 

Author Comment

by:NTTldola
Comment Utility
No I don't have a list of devices, this will be placed into the login script which will then be run when the user logs in.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 67

Expert Comment

by:sirbounty
Comment Utility
Hmm - your users won't have admin rights, so they won't be able to modify the hklm hive.
Perhaps another expert has an idea...I can't think of a 'safe' way to allow end users this access through a logon script...(unless you were able to use HKCU hive instead...?)
0
 
LVL 1

Expert Comment

by:davenport651
Comment Utility
I thought login scripts ran as the System account not the user account.  A login script should be able to edit HKLM registry hive without granting a user any extra rights.  Have you created a test user with limited rights and deployed your script to that user to see if you get the desired effect?

Also, I don't understand what your goal is with the password lines.
0
 
LVL 29

Accepted Solution

by:
matrixnz earned 250 total points
Comment Utility
DavenPort651
     Users = Login/Logoff Scripts - Runs using users Credentials
     Access to HKCU

     Computers = Startup/ShutDown Scripts - System Account Credentials
     Access to HKLM

NTTldola
You could use a AutoIT Script to do as you're suggested, using RunAs() however it's not secure, I mean you can't just read the password like in a batch or vb script because it's an executable but, if the users are bright enough they may be able to crack it.  AutoIT can be found here http://www.autoitscripts.com it's free to use as well.

The other method is to use a two shot method, i.e. in a startupscript use Regini to change permissions on the HKEY_LOCAL_MACHINE\System\SHInfo Key
more infor on Regini here - http://support.microsoft.com/kb/264584

Another method is to use SetACL found here - http://setacl.sourceforge.net/html/examples.html
although it's not as easy as Regini, you can modify a permission whereas with Regini the permissions are replaced not modified.

Hope that helps.

Cheers
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 250 total points
Comment Utility
If this is on a an Active Directory LAN then use Group Policy to set permissions on those registry keys:

http://www.lockergnome.com/windows/2005/01/11/set-registry-permissions-using-group-policy/

Like it says apply this to the OU containing or above your computers (put them in an OU if needed), set the permissions then when the computers next refresh group policy they will get the registry permission change ready for the next logon.

Then the users will have access and your current script will work without any impersonation.

Steve
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Background What I'm presenting in this article is the result of 2 conditions in my work area: We have a SQL Server production environment but no development or test environment; andWe have an MS Access front end using tables in SQL Server but we a…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now